Free Online ROP Gadgets Search

ropshell> use 3c94bcda2a65e71413d3fee2b4be913e (download)
name         : tcpip.sys (x86_64/PE)
base address : 0x1c0001000
total gadgets: 6847

ropshell> suggest "load mem"
> 0x1c0177b50 : mov rax, [rcx]; ret
> 0x1c0177b51 : mov eax, [rcx]; ret
> 0x1c01a0e20 : mov rax, [rcx + 0x108]; ret
> 0x1c0163fe3 : mov rax, [rdx + 0x1e8]; ret
> 0x1c01a0e21 : mov eax, [rcx + 0x108]; ret
> 0x1c0163fe4 : mov eax, [rdx + 0x1e8]; ret
> 0x1c016da79 : mov eax, [rdx]; mov [r9 + 4], eax; ret
> 0x1c019f23f : mov eax, [rsi]; add [rax], al; seta al; ret
> 0x1c0089d72 : mov eax, [r8]; cmp [rdx], eax; sete al; ret
> 0x1c0159749 : mov rax, [r9 + 8]; mov [r8], rax; ret
> 0x1c001c56a : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1c0082bb1 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1c0149d34 : mov rbp, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1c001e53f : mov r14, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x1c015975e : movzx eax, [r9 + 8]; mov [r8], eax; ret
> 0x1c0031169 : mov ebx, [rax + 2]; add [rax], al; ret
> 0x1c001c56b : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1c0082bb2 : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1c0149d35 : mov ebp, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1c01606de : mov rax, [r10 + 0x140]; mov [r9 + 0x1f8], rax; ret
> 0x1c0056313 : mov edx, [rcx + 0x178]; mov eax, edx; add rsp, 0x28; ret
> 0x1c0151200 : mov rcx, [rax]; xor eax, eax; mov [rip + 0xb9b54], rcx; ret
> 0x1c00caa39 : mov r8, [rax]; mov [rip + 0x141d5d], r8; xor eax, eax; ret
> 0x1c0151201 : mov ecx, [rax]; xor eax, eax; mov [rip + 0xb9b54], rcx; ret
> 0x1c00af87a : mov rbx, [r11 + 0x20]; mov rsp, r11; pop r15; pop r14; pop r12; ret
> 0x1c003125b : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop r13; ret
> 0x1c018eeaf : mov rax, [r8 + 0x10]; mov [rdx + 0x10], rax; add rsp, 0x38; ret
> 0x1c015dfbd : mov rcx, [rax + 0x58]; mov [r8 + 8], rcx; xor eax, eax; ret
> 0x1c015dfbe : mov ecx, [rax + 0x58]; mov [r8 + 8], rcx; xor eax, eax; ret
> 0x1c0022107 : movzx ecx, [rdx + 0x18]; sub cx, ax; add [r9 + 0x20], cx; ret
> 0x1c0022106 : movzx ecx, [r10 + 0x18]; sub cx, ax; add [r9 + 0x20], cx; ret
> 0x1c01c6791 : mov rcx, [r8]; call [rip + 0x5cd3d]; nop [rax + rax]; add rsp, 0x28; ret
> 0x1c00a5087 : mov rdx, [rcx]; cmp rax, rdx; cmove r8, rdx; mov rax, r8; add rsp, 0x28; ret
> 0x1c00a5088 : mov edx, [rcx]; cmp rax, rdx; cmove r8, rdx; mov rax, r8; add rsp, 0x28; ret
> 0x1c00cb1c4 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x1c01b0b60 : mov rcx, [r9 + 0x400]; call [rip + 0x7255a]; nop [rax + rax]; add rsp, 0x28; ret
> 0x1c0165c42 : movzx eax, [r10 + 0x58]; add rax, rax; mov [r9 + rax*8 + 8], rcx; ret
> 0x1c012c4cd : movzx ecx, [r8 + 0xa]; add cx, [r8 + 8]; mov [r9 + 0x56], cx; ret
> 0x1c0136a19 : mov edx, [rax + 0x18]; sub edx, [rcx + 0x168]; add edx, [r8 + 0x14]; mov eax, edx; ret
> 0x1c0136a18 : mov edx, [r8 + 0x18]; sub edx, [rcx + 0x168]; add edx, [r8 + 0x14]; mov eax, edx; ret
> 0x1c00c6325 : mov r8, [rax + 0x10]; mov [rdx + 8], r8; mov rax, [rcx + 0x2d8]; mov [rax + 0x10], rdx; ret
> 0x1c01bc974 : mov rax, [r11]; imul rax, rdx; mov [r11], rax; mov rax, [rcx + 8]; imul rax, rdx; mov [rcx + 8], rax; ret
> 0x1c01bc975 : mov eax, [rbx]; imul rax, rdx; mov [r11], rax; mov rax, [rcx + 8]; imul rax, rdx; mov [rcx + 8], rax; ret
> 0x1c01a683c : mov ecx, [r9]; add ecx, r8d; mov rax, [rsp + 0x40]; mov [rax], ecx; mov al, 1; mov rbx, [rsp + 8]; ret
> 0x1c019f050 : mov rdx, [rcx + 8]; mov rcx, r10; mov [rsp + 0x20], rax; call [rip + 0x8440d]; nop [rax + rax]; add rsp, 0x38; ret
> 0x1c00bb728 : mov rax, [r11 + 8]; mov [rsp + 0x38], rax; mov rax, [r10 + 0x30]; mov rax, [rax + 0xd0]; call [rip + 0x16902e]; add rsp, 0x58; ret
> 0x1c00bb729 : mov eax, [rbx + 8]; mov [rsp + 0x38], rax; mov rax, [r10 + 0x30]; mov rax, [rax + 0xd0]; call [rip + 0x16902e]; add rsp, 0x58; ret
> 0x1c0193cc1 : mov rdx, [rax + 0x2c8]; mov rax, [r8 + 8]; mov rcx, [rax + 8]; mov eax, [rcx + 0x18]; add [rdx + 0x2c], eax; xor eax, eax; ret